package com.gitblit.auth;

import com.gitblit.Constants;
import com.gitblit.Keys;
import com.gitblit.auth.AuthenticationProvider;
import com.gitblit.models.TeamModel;
import com.gitblit.models.UserModel;
import com.gitblit.utils.StringUtils;
import com.sun.jna.platform.win32.Win32Exception;
import java.util.TreeSet;
import waffle.windows.auth.IWindowsAccount;
import waffle.windows.auth.IWindowsAuthProvider;
import waffle.windows.auth.IWindowsComputer;
import waffle.windows.auth.IWindowsIdentity;
import waffle.windows.auth.impl.WindowsAuthProviderImpl;

/* loaded from: input_file:com/gitblit/auth/WindowsAuthProvider.class */
public class WindowsAuthProvider extends AuthenticationProvider.UsernamePasswordAuthenticationProvider {
    private IWindowsAuthProvider waffle;

    public WindowsAuthProvider() {
        super("windows");
    }

    @Override // com.gitblit.auth.AuthenticationProvider
    public void setup() {
        this.waffle = new WindowsAuthProviderImpl();
        IWindowsComputer currentComputer = this.waffle.getCurrentComputer();
        this.logger.info("Windows Authentication Provider");
        this.logger.info("      name = " + currentComputer.getComputerName());
        this.logger.info("    status = " + describeJoinStatus(currentComputer.getJoinStatus()));
        this.logger.info("  memberOf = " + currentComputer.getMemberOf());
    }

    protected String describeJoinStatus(String str) {
        return "NetSetupUnknownStatus".equals(str) ? "unknown" : "NetSetupUnjoined".equals(str) ? "not joined" : "NetSetupWorkgroupName".equals(str) ? "joined to a workgroup" : "NetSetupDomainName".equals(str) ? "joined to a domain" : str;
    }

    @Override // com.gitblit.auth.AuthenticationProvider
    public boolean supportsCredentialChanges() {
        return false;
    }

    @Override // com.gitblit.auth.AuthenticationProvider
    public boolean supportsDisplayNameChanges() {
        return false;
    }

    @Override // com.gitblit.auth.AuthenticationProvider
    public boolean supportsEmailAddressChanges() {
        return true;
    }

    @Override // com.gitblit.auth.AuthenticationProvider
    public boolean supportsTeamMembershipChanges() {
        return true;
    }

    @Override // com.gitblit.auth.AuthenticationProvider
    public boolean supportsRoleChanges(UserModel userModel, Constants.Role role) {
        return true;
    }

    @Override // com.gitblit.auth.AuthenticationProvider
    public boolean supportsRoleChanges(TeamModel teamModel, Constants.Role role) {
        return true;
    }

    @Override // com.gitblit.auth.AuthenticationProvider
    public Constants.AccountType getAccountType() {
        return Constants.AccountType.WINDOWS;
    }

    @Override // com.gitblit.auth.AuthenticationProvider
    public UserModel authenticate(String str, char[] cArr) {
        String string = this.settings.getString(Keys.realm.windows.defaultDomain, null);
        if (StringUtils.isEmpty(string)) {
            string = null;
        }
        if (string != null) {
            if (str.startsWith(string + "\\")) {
                str = str.substring(string.length() + 1);
            } else if (str.endsWith("@" + string)) {
                str = str.substring(0, str.lastIndexOf(64));
            }
        }
        try {
            IWindowsIdentity logonUser = (str.indexOf(64) > -1 || str.indexOf(92) > -1) ? this.waffle.logonUser(str, new String(cArr)) : this.waffle.logonDomainUser(str, string, new String(cArr));
            if (logonUser.isGuest() && !this.settings.getBoolean(Keys.realm.windows.allowGuests, false)) {
                this.logger.warn("Guest account access is disabled");
                logonUser.dispose();
                return null;
            }
            UserModel userModel = this.userManager.getUserModel(str);
            if (userModel == null) {
                userModel = new UserModel(str.toLowerCase());
            }
            setCookie(userModel);
            userModel.accountType = getAccountType();
            String fqn = logonUser.getFqn();
            if (fqn.indexOf(92) > -1) {
                userModel.displayName = fqn.substring(fqn.lastIndexOf(92) + 1);
            } else {
                userModel.displayName = fqn;
            }
            userModel.password = Constants.EXTERNAL_ACCOUNT;
            TreeSet treeSet = new TreeSet();
            for (IWindowsAccount iWindowsAccount : logonUser.getGroups()) {
                treeSet.add(iWindowsAccount.getFqn());
            }
            if (this.settings.getBoolean(Keys.realm.windows.permitBuiltInAdministrators, true) && treeSet.contains("BUILTIN\\Administrators")) {
                userModel.canAdmin = true;
            }
            updateUser(userModel);
            logonUser.dispose();
            return userModel;
        } catch (Win32Exception e) {
            this.logger.error(e.getMessage());
            return null;
        }
    }
}
